PyCrypto - The Python Cryptography Toolkit

Random number generation

Here is the current list of known random number generation issues/bugs
that have been found in previous versions of PyCrypto:

In versions prior to v2.6.1, Crypto.Random was insecure when using fork() in some cases.
See the advisory for CVE-2013-1445
for more information. It is recommended that users upgrade to PyCrypto v2.6.1 or later.

In versions prior to v2.1.0, Crypto.Util.randpool.RandomPool was unsafe as commonly used.
It was not thread-safe or fork-safe at all, and it was not always properly
seeded with entropy. This was by design, but most application developers
simply read from it without any further thought, resulting in insecure
applications.
See this thread for more information.
It is now is deprecated, and will be removed in a future
release; Use Crypto.Random or os.urandom instead.

Keeping an entropy pool in a
user-space program is complex and error-prone. It is especially difficult to
do reliably in a generic crypto library, and it is quitecommon for mistakes to be made.
Hopefully, operating systems will one day provide random number generation
facilities that are sufficiently fast, trustworthy, and reliable that they
can completely replace the multitude of user-space random number generators
that currently plague our software.

Don't create copyright headaches. It took me the better part of
a year to sort out the licensing ambiguities in PyCrypto 2.0.1. If you're
adding new files, include the standard PyCrypto public domain dedication at
the top.

Whatever you do in _fastmath.c, also do in _slowmath.py.
PyCrypto has two math libraries: one that depends on libgmp, and one
that doesn't. They need to be kept synchronized with each other.

Make small, incremental, well-documented changes. Your commit
messages should be clear and detailed. Include any applicable background
information. Your patches should do one thing. Your code should have
sensible comments.

Export of cryptography software

The export of cryptography software is (still) governed by arms control
regulations in Canada, the United States, and elsewhere. The export or
re-export of this software may be regulated by law in your country.